[4.1] ba2fdde Test VMOD ACLs using vmod-debug

[Lasse Karstensen]

commit ba2fddea071875191c29d92274a839234d8f6ab0
Author: Dridi Boukelmoune <dridi.boukelmoune at gmail.com>
Date:   Tue Feb 23 18:44:14 2016 +0100

    Test VMOD ACLs using vmod-debug

diff --git a/bin/varnishtest/tests/m00023.vtc b/bin/varnishtest/tests/m00023.vtc
new file mode 100644
index 0000000..b45d5bf
--- /dev/null
+++ b/bin/varnishtest/tests/m00023.vtc
@@ -0,0 +1,32 @@
+varnishtest "Test VMOD ACLs"
+
+varnish v1 -vcl {
+	import debug;
+
+	backend dummy {
+		.host = "${bad_ip}";
+	}
+
+	acl loopback {
+		"127"/24;
+	}
+
+	sub vcl_init {
+		if (!debug.match_acl(loopback, "127.0.0.127")) {
+			debug.init_fail();
+		}
+	}
+
+	sub vcl_recv {
+		if (debug.match_acl(loopback, client.ip)) {
+			return (synth(200));
+		}
+		return (synth(500));
+	}
+} -start
+
+client c1 {
+	txreq
+	rxresp
+	expect resp.status == 200
+} -run
diff --git a/lib/libvmod_debug/vmod.vcc b/lib/libvmod_debug/vmod.vcc
index 8bc0dd2..ccf0d80 100644
--- a/lib/libvmod_debug/vmod.vcc
+++ b/lib/libvmod_debug/vmod.vcc
@@ -150,3 +150,7 @@ Reset to the previous snapshot of a workspace, taken from debug.workspace_snap.
 $Function VOID vcl_release_delay(DURATION)
 
 Hold a reference to the VCL when it goes cold for the given delay.
+
+$Function BOOL match_acl(ACL acl, IP ip)
+
+Perform an IP match against a named ACL.
diff --git a/lib/libvmod_debug/vmod_debug.c b/lib/libvmod_debug/vmod_debug.c
index 839d0ad..971e04c 100644
--- a/lib/libvmod_debug/vmod_debug.c
+++ b/lib/libvmod_debug/vmod_debug.c
@@ -36,6 +36,7 @@
 
 #include "vcl.h"
 #include "vrt.h"
+#include "vsa.h"
 #include "vsb.h"
 #include "vtim.h"
 #include "vcc_if.h"
@@ -464,3 +465,14 @@ vmod_vcl_release_delay(VRT_CTX, VCL_DURATION delay)
 	assert(delay > 0.0);
 	vcl_release_delay = delay;
 }
+
+VCL_BOOL
+vmod_match_acl(VRT_CTX, VCL_ACL acl, VCL_IP ip)
+{
+
+	CHECK_OBJ_ORNULL(ctx, VRT_CTX_MAGIC);
+	CHECK_OBJ_ORNULL(acl, VRT_ACL_MAGIC);
+	assert(VSA_Sane(ip));
+
+	return (VRT_acl_match(ctx, acl, ip));
+}